CVE-2020-8216

moderate-risk

Published 2020-07-30

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.

Do I need to act?

~

2.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Connect Secure

Pulse Connect Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Policy Secure

Affected Vendors

Pulsesecure Ivanti

References (2)

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

Vendor Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516

45

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 6/34 · Minimal

Exposure 21/34 · High